Primavera gateway

This hub aggregates every CVE we track for Primavera gateway, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Enterprise Softwareon-premweb app

CVEs tracked

Critical

High

In CISA KEV

Severity distribution

HIGH27MEDIUM23CRITICAL16LOW1

Monthly trend

2024-072026-06

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting Primavera gateway.

CVE-2023-21888Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering (component: WebUI). Supported versions that are affected are 18.8.0-18.8.15, 19.12.0-19.12.15, 20.12.0-20.12.1...5.4Jan 17, 2023
CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
CVE-2022-23437Infinite loop within Apache XercesJ xml parser6.5Jan 24, 2022
CVE-2021-44832Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration6.6Dec 28, 2021
CVE-2021-45105Apache Log4j2 does not always protect from infinite recursion in lookup evaluation5.9Dec 18, 2021
CVE-2021-41183XSS in `*Text` options of the Datepicker widget6.5Oct 26, 2021
CVE-2021-2351Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows u...8.3Jul 20, 2021
CVE-2021-36374Apache Ant ZIP, and ZIP based, archive denial of service vulerability5.5Jul 14, 2021
CVE-2021-36373Apache Ant TAR archive denial of service vulnerability5.5Jul 14, 2021
CVE-2021-36090Apache Commons Compress 1.0 to 1.20 denial of service vulnerability7.5Jul 13, 2021
CVE-2021-21409Possible request smuggling in HTTP/2 due missing validation of content-length5.9Mar 30, 2021
CVE-2021-23337Command Injection7.2Feb 15, 2021
CVE-2020-28500Regular Expression Denial of Service (ReDoS)5.3Feb 15, 2021
CVE-2020-36179FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021
CVE-2020-36180FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1Jan 6, 2021

Product normalization is registry-driven with AI assist and human review. How it works